The Evolution of the APS Beamline Personnel Safety System (PSS)

The Evolution of theAPS Beamline Personnel Safety

System (PSS)

Work supported by U.S. Department of Energy, Office of Science, Office of Basic Energy Sciences, under Contract No. DE-AC02-06CH11357

Phil McNamara-PresenterKenneth BelcherGreg MarkovichAdvanced Photon SourceSafety Interlocks Group

2

PSS History Overview

GENERATION 1Chain A Chain B

AB PLC 5 GE 90-70ESD ESD

C&C Hardwired I/O Interface

LED & PB HMI2 Day Validations

GENERATION 2Chain A Chain B Chain C

AB PLC 5 GE 90-70 PC .ESD ESD C&C

Hardwired I/O InterfaceTouchpanel HMI2 Day Validations

GENERATION 1UChain A Chain BAB PLC 5 GE RX7i

ESD ESD C&C

Hardwired I/O InterfaceLED & PB HMI

Acceptance Test performedResulting in 1/2 Day Validations

GENERATION 1MChain A Chain B

AB PLC 5 GE 90-70ESD ESD

C&C Hardwired I/O Interface

LED & PB HMI2 Day Validations

Analog Modules & Latch Chain B

GENERATION 3UChain A Chain B Chain C

Contrologix Contrologix ContrologixESD ESD C&C Circuit Board I/O Interface

Touchpanel HMIAcceptance Test performed

Resulting in 1/2 Day Validations

GENERATION 3Chain A Chain B Chain C

Contrologix Contrologix ContrologixESD ESD C&C Circuit Board I/O Interface

Touchpanel HMI2 Day Validations

3

GEN1 PSS Processors:

– Dissimilar: • Chain A - Allen Bradley (AB) PLC5 – ESD, C&C intermixed• Chain B - General Electric (GE) 90-70 – ESD only – Faults were not latched

Programming Languages– Dissimilar :

• Chain A – Ladder Logic• Chain B – State Logic, Ladder Logic and MegaBasic

HMI: – LEDs and mechanical PBs

I/O Interface:– Hardwired to terminal blocks– Inconsistent addressing

DIW Monitoring– LOVE process controllers, binary output, 1 channel per station

Validations– Invasive, 2-3 days

• Hardwired Front-End Simulator• Laptops running DOS (Windows 98)

Communication – Relay isolation for signals between chains (status, permits, and heart beat)– One-way communication to EPICS

• Chain A – DH+ through a Data Communications Module (PLC writes only, no read functions)• Chain B – RS232 through a Processor Control Module (PLC writes only, no read functions)

4

GEN1 PSS

Chain AEmergency Shutdown and

Command and Control PLC

Chain BEmergency Shutdown PLC

ACIS

Air Supply

Global OnlineSolenoid

SafetyShutter 1

SafetyShutter 2

Photon Shutter 2Integral

Shutters

Beam Line

Station A

WDT

SR Trip/Fault

Photon

Shutter 1

Open status

Closed status

Open status

Open status

Open status

Closed status

Closed status

SR Trip/Fault

WDT

Stati

on A

Sea

rche

d

Stati

on A

Bea

m R

eady

Closed status

Door

clos

ed

Door

clos

ed

Esto

pEs

top

Open status

Open status

Closed status

Note: No closed switch status for PS1 to ACIS

5

GEN1 PSSBeamline vacuum sensors

Beamline components

DIW flow sensors

Beamline EPS

PSSBeamline Control System

( Station Enclosure)

User Panels( Pushbuttons, keyswitches and LED

Indicators)

PSS PLCFront - End Control System

( Mezzanine Rack)

PSS EPICS IOC

FEEPS EPICS IOC

Storage Ring MPS

Front - End vacuum valves position

( SV , FV , FEV , BIV )

Front - End components

DIW flow sensors

Front - End vacuum sensors

FEEPS ( Mezzanine Rack)

Remote IO link

ACIS Sector Interface Enclosure

ACIS IOC

Front - End Shutters

BL Shutter status

Beamline component DIW flow sensors

Relay contact from Love Controllers

Solenoidcontrol

Solenoid control

Closed switchesFE shutter permit

GOL key status

Open switches

Closed switches(except PS1)

ACIS PLC( Main Control

Room)

FES Closed status

PS 1 open requestFE shutter permit

FES Open status

PSS SR trips

Shutter air supplyPressure sensors

BL Shutterpermits

Beamline Shutters(1 , 2 or 3 )

Hutch doors

Search stations

E - stop buttons

Remote I/O link

ACISControlled Equipment

( RF & Dipole)

FE shutter & vacuum permit

FE shutter & valve status

Beamline PSS interface diagram

Up to 6 stations

Beamline valves

position

Remote Shutter

Interface

Air supply shutoff (except PS1)

6

GEN1 PSS 1. The Front-End Shutter (FES) Simulator is connected.

• The Front-End Shutters are critical devices that can’t be operated during the validation. Therefore their operations and statuses must be simulated.

• The connectors on the Front-End Relay Distribution Panel (FERDP) for the Front-End Shutters (FES), Access Control Interlock System (ACIS), Front-End Equipment Protection System (FEEPS), De-Ionized Water (DIW) and Beamline Equipment Protection System (BLEPS) systems are unplugged and the simulator connectors are plugged in their place.

• The simulator allows the operator to manipulate and monitor the signals normally supplied by these devices and/or systems.

2. An Input/Output Validation is performed.• Verify that each device is properly functioning and wired to the assigned input or output of the

Emergency Shut Down (ESD) system’s PLC.• Verify chain independence.

3. A Functional Test (Validation) is performed.• The system is monitored for proper response to inputs from the field devices and/or the simulator

for each test case.• In order to facilitate specific test cases for critical devices, the Station User Panel (15U) connectors

are unplugged, and a test box is plugged in series with the existing devices.• This test box is used to interrupt the signals from the field devices to simulate individual tests cases.• After these particular tests are done, the test box is unplugged and the connectors are plugged back

into their original receptacles.• This process is repeated at each 15U several times during the validation.

4. At the end of the Functional Validation, the FERDP simulator is unplugged and the connectors are plugged back in, and a functional test of the front end components is performed.

Testing Methodology

7

GEN1 PSS Front-End Relay Distribution Panel (FERDP)

GEN1 PSS

8

GEN1 PSSValidation FES Simulator Cables

Validation FES Simulator Rear Panel

9

Validation FES SimulatorGEN1 PSS

10

GEN1 PSSDOS-based GE validation laptop

11

1. Disconnecting the real I/O for validation is invasive.2. Problems in reconnecting the real I/O.

• Not reconnected in the proper location• Not seated fully• Connectors or wires broken during the process

3. Maintaining laptops that are compatible with Windows 98 & DOS.

GEN1 PSS Testing Methodology Problems

12


– Dissimilar• Chain A - AB PLC5, ESD• Chain B - GE 90-70, ESD• Chain C - Industrial computer utilizing Siemens I/O, Command & Control

Programming Languages– Dissimilar :

• Chain A – Ladder Logic• Chain B – State Logic, Ladder Logic and MegaBasic• Chain C – Cimplicity soft PLC (Wonderware)

HMI: – Soft Panel displays & controls

I/O Interface:– Hardwired to terminal blocks

DIW Monitoring– LOVE process controllers, binary output, 1 channel per station

Validations– Invasive, 2-3 days

• Front-End Simulator• Laptops running DOS (Windows 98)

Communication – Relay isolation for signals between chains (status, permits, and heart beat)– One-way communication from ESD systems to Chain C using Profibus (ESD systems write only, no read functions)– Profibus between Chain C and EPICS

13


– Similar - AB ControlLogix L61• Chain A – ESD• Chain B – ESD • Chain C – Command & Control

Programming Languages– Ladder Logic

HMI: – Soft Panel displays and controls

I/O Interface:– Hardwired to Circuit Boards– Consistent locations

DIW Monitoring– Initially LOVE process controllers, binary output,

1 channel per station– Migrated quickly to Analog modules in the ESD PLCs

Validations– 2-3 days

• All I/O simulated (Diode injection)• Touch Panel HMI

Communication – Electronic isolation for signals between chains (status, permits, and heart beat)– One-way communication from ESD systems to Chain C using Profibus (ESD systems write only, no read functions)– Profibus between Chain C and EPICS

14

Chain-CCommand & Control (C&C) PLC

EPICS

Chain AEmergency Shutdown (ESD) PLC

ACIS –PSSInterface

Air Supply

Global On/Off Line

Station A Door Control

HMI &Non Critical I/O

PhotonShutter 2,

SafetyShutter 1,

SafetyShutter 2

IntegralShutters

Beam Line

Station BSafety I/O

HMI

Station ASafety I/O

HMI

WDT, Cross Trip,

Search Status, etc

GEN3 PSS

FES limit switches are not shown but are interfaced the same as GEN1 PSS with ACIS connected directly to FES closed limit switches. ACIS does not monitor PS1 closed limit switches.

Chain BEmergency Shutdown (ESD) PLC

Station B Door Control

data

data

15

Beamline vacuum sensors

Beamline components

DIW flow sensors

Beamline EPS



User Panels( HMI’s and key

Switches)


( Mezzanine Rack)

PSS EPICSIOC - RSI & Clock Sync

FEEPS EPICS IOC

Storage Ring MPS




DIW flow sensors



Remote IO link


ACIS IOC


BL Shutter status


Analog PLC modulesdirect to transducers (8)

Solenoid control


GOL key status

Open switches

Closed switches (except PS1)


Room)

FES closed status

PS1 Open requestFE shutter permit

FES Open status

PSS SR trips

Shutter air supply Pressure sensors

Chain A only

BL Shutterpermits

Beamline Shutters (1,2 or 3)

Hutch doors

Search stations

E - stop buttons

Remote I/O link


( RF & Dipole)



Up to 8 stations

Beamline valves

position


GEN3 PSSBeamline PSS interface diagram

PSS Trip Test

SolenoidControl

MEZZIE

16

1. A testing system is connected in parallel.• The Front-End Shutters are critical devices that can‘t be operated during the validation.• A HMI & PLC are connected to all 3 PLCs via Ethernet.• When the Test Cover is lifted the Front-End Shutters solenoid outputs and ACIS SR Permit are disconnected through

relays.• The HMI system will allow the operator to monitor signals coming from the PSS.

2. An I/O Validation is performed.• This will still be done to verify that each device is properly functioning and wired to the assigned input or output of the

Emergency Shut Down (ESD) system’s PLC.• Verify chain independence.

3. A Functional Test (Validation) is performed.• The Validation injection hardware is connected with no field device disconnections. • The power supplies are disconnected from the field devices via electro-mechanical relays via the Validation system.• The Validation system will allow the operator to manipulate all inputs going to the PSS.• The ESD system can be monitored for proper response to inputs.• All test case scenarios can be simulated.

4. At the end of the Functional Test, the Validation system is disconnected. 5. The field devices, inputs and outputs are re-enabled with none of the PSS wiring being disturbed.

6. The method of disabling and re-enabling the PSS inputs and outputs is failsafe.

GEN3 PSSTesting Methodology

17

1. Once the Validation system is connected, there is no unplugging and plugging in of connectors during the functional test.

2. The I/O Validation uses a touch panel HMI instead of laptop computers.3. All inputs are disabled via relays instead of being unplugged. 4. All functional testing is done via injection of test signals. This allows for a full functional test of the system

to be performed. 5. Upon completion of the functional test, the critical devices are re-enabled instead of reconnected.

GEN3 PSSTesting Methodology – Key Changes

18

Door Switch

Shutter ClosedLimit Switch

Shutter OpenLimit Switch

+24V

PSS

1 Power is supplied to the PSS field device inputs via CR12 Signals from the field devices pass through the series diodes

D1

D2

D3

CR1

1

Connections for the Validation System

2

GEN3 PSSTesting Methodology

Normal Operation-Validation System not connected

19

Door Switch



+24V

PSS

Disable power to

field devices

Injected Test Signals

Test Mode

Enabled

Bus Monitor

1 Power is still supplied to the PSS field device inputs via CR12 Chain C verifies Validation System is connected to turn OFF its outputs

CR1

1

Removable Test Connector

2

GEN3 PSSTesting Methodology -Validation System connected

20

Door Switch



+24V

PSS

Disable power to

field devices

InjectTest Signals

Test Mode

Enabled

Bus Monitor

CR1

1

Removable Test Connector

GEN3 PSSTesting MethodologyValidation System connected

1 Power is removed from the PSS field device inputs via CR12 The Validation System verifies field device power is disabled3 Test signals can now be injected for functional testing

32

21

1 Front-End Shutter (FES) operations and Storage Ring Permit enabled via 4-pole relays

2 All systems can verify FES is disabled3 Outputs are monitored for proper operation

GEN3 PSSTesting Methodology - Disabling of FES

Validation System connected

1

P S 1 O P E N TO V A L ID A TI O N S Y S TE M

O A _ P S 1_ P E R M ITO B _ P S 1 _P E R M I T

IN J E C TE D F R O M V A L ID A TI O N S Y S TE M

O C _ P S 1 _ O P E N _ C O M M A N D

V C

PS1 Solenoid

M e zz Tes t C o v e r M E Z Z I E O v e rr id e S ta t io n A Te s t C o v e r S t a t ion X Te s t C o v e r

V C -C O M

V C -C O M

IA _ F E S _C O N N E C TE D

V B -C O MV A -C O M

O A _ S TO R A G E _ R I N G _ P E R M ITESD-A STORAGE RING PERMIT TO ACIS

V A

32

22

GEN3 PSS

23

Validation System Main menu allows for configuration of beamline

GEN3 PSS

24

Front-End Shutter Functional Validation screen

GEN3 PSS

25

Station Functional Validation screen

GEN3 PSS

26

1. The connectors used in the Validation system are Multi Pin (~120) and are very fragile.

2. Real equipment is only exercised during the I/O validation.

GEN3 PSSTesting Methodology Problems

27

The GEN1 Mini-UpgradeGEN1 PSS with the following important but quick and cheap fixes

Hardware Changes– Changed the DIW monitoring to analog modules in the ESD PLCs (default set points are loaded at power up and allow adjust

via HMI thereafter).– Added Chain B Fault Lights to the Panel.

Software Changes– Modified Chain B code to require a reset before re-granting Storage Ring Permit .– Modified Chain B code to indicate a flow fault condition by blinking the new Chain B Minor Fault LED. – Modified Chain B code so that any remote block to PLC communication loss will latch a fault, remove all shutter permits, and

indicate a fault via blinking Chain B Fault LED. – Modified Chain A code so that the Storage Ring Permit was not a latched signal.– Modified Chain A code to lose station "Searched" status when it sees a Crash button pressed.– Modified Chain A code to generate a “Chain B Shutter Permit Lost" minor fault when a shutter is open and the

corresponding Chain B shutter permit goes low. – Modified Chain A code to add a “quick search” when a signal, only available when the FES simulator is connected to the

FERDP during validations, is asserted.– Modified Chain A code to lose search status for all stations any time a remote I/O communications fault exists.– Modified both Chains A & B to add a DIW bypass signal which is only available when the FES simulator is connected to the

FERDP during validations, is asserted.– Modified both Chains A & B to remove all Shutter permits when the Storage Ring Permit is removed.

28

The GEN1 Upgrade Processors:

– Redundant and Dissimilar: • Chain A - AB PLC5 ESD and C&C in Separate routines• Chain B - GE RX7i, ESD

Programming Languages– Similar :

• Chain A – Ladder Logic• Chain B – Ladder Logic and C++

HMI: – LEDs and mechanical PBs

I/O Interface:– Hardwired to terminal blocks– Software mapping of all I/O for standardization

DIW Monitoring– Analog modules in the ESD PLCs

Acceptance testing– Done in Lab (when changes are made or every 5 years) using a Wonderware-based software simulator

Validations– Annual, Noninvasive, 1/2 day

• Touch Panel HMI Simulating the Front-End Shutters Communication

– Relay isolation for signals between chains (status, permits, and heart beat)– One-way communication to EPICS

• Chain A – DH+ through a Data Communications Module (PLC writes only, no read functions)• Chain B – RS232 through a Processor Control Module (PLC writes only, no read functions)

29

The GEN1 Upgrade A thorough and concise specification document Each PLC chain separates logic routines - functionally

– Input and Output map(s)– ESD – immediate radiation hazard - logic

• Storage Ring Permit removing faults and trips– ESD – potential radiation hazard - logic

• Front-End Shutter Permit removing faults and trips• Beamline Shutter Permit removing faults and trips

– Command and Control logic (Chain A only)– Status logic– Warning logic

Major, Serious, and Minor Faults were changed to Faults, Trips, and Warnings with much clearer diagnostics for troubleshooting

ESD Permits driven by real equipment status rather than resulting fault codes Standardized station addressing (100s = Station A, 200s = Station B) Chain B reports the faults and trips Chain B looks at Search status from Chain A at the leading edge of the searched signal Doors locked when the search is complete, eliminating many Lock and Unlock buttons. Each station now has Beam Ready, Fault/Trip, and No Access Allowed indicators.

Software Changes

GEN 1 Upgrade PSS

30

Chain AEmergency Shutdown and

Command and Control PLC

Chain BEmergency Shutdown PLC

ACIS

Air Supply

Global OnlineSolenoid

SafetyShutter 1

SafetyShutter 2

Photon Shutter 2Integral

Shutters

Beam Line

Station A

WDT

SR Trip/Fault

Photon

Shutter 1

Open status

Closed status

Open status

Open status

Open status

Closed status

Closed status

SR Trip/Fault

WDT

Stati

on A

Sea

rche

d

Cros

strip

Cros

strip

Stati

on A

Bea

m R

eady

Closed status

Door

clos

ed

Door

clos

ed

Esto

pEs

top

Closed status

Open status

Open status

Closed status

ACIS now monitors PS1 as a backup for PS2Chain B PS1 Permit addedSearch Status from A to B is now leading edge triggerCross-trips were added

Hardware Changes

31

Beamline vacuum sensors

Beamline components

DIW flow sensors

Beamline EPS



User Panels( Pushbuttons, keyswitches and LED

Indicators)


( Mezzanine Rack)

PSS EPICS IOC

FEEPS EPICS IOC

Storage Ring MPS




DIW flow sensors



Remote IO link


ACIS IOC


BL Shutter status


Analog PLC modulesdirect to transducers (8)

Solenoidcontrol

Solenoid control


GOL key status

Open switches

ALL Closed switches


Room)

FES closed status

PS1 Open requestFE shutter permitEPICS clock sync

FES Open status

PSS SR trips

Shutter air supply Pressure sensors

Chain A only

BL Shutterpermits

Beamline Shutters (1,2 or 3)

Hutch doors

Search stations

E - stop buttons

Remote I/O link


( RF & Dipole)



Up to 6 stations

Beamline valves

position

Remote Shutter

Interface


GEN1 Upgrade PSSBeamline PSS interface diagram

32

• Internal memory tables were created to map all beamline I/O to a common addressing scheme (I/O wiring is not consistent across all beamlines).

This allows the Acceptance and Validation Systems to have a single program for all beamlines. This allows the Acceptance and Validation Systems to control where the inputs to the ESD logic

originate (i.e., from either real world devices or software signals). This allows the Acceptance and Validation Systems to simulate the Front-End Shutters and other

critical signals.

Testing Methodology

GEN1 Upgrade PSS

33

• Before PLC code is downloaded for testing at a beamline, testing is performed in a lab simulator called the Acceptance Test System (ATS)

• The ATS procedures tests ALL of the PLC logic

• ESD – immediate radiation hazard - logic (each fault and trip tested n+1 times)• Storage Ring Permit removing faults and trips

• ESD – potential radiation hazard - logic (each fault and trip tested n+1 times)• Front-End Shutter Permit removing faults and trips• Beamline Shutter Permit removing faults and trips

• Command and Control logic

• Warning logic

Testing Methodology – The ATS

GEN1 Upgrade PSS

34

Acceptance Test SystemGEN1 Upgrade PSS

SIMULATED OUTPUTS

ALLLOGIC

FAULT/TRIP DISABLE

QUICKSEARCH

ACCEPTANCE TEST SYSTEM HMI

AllInputs

INTERNAL INPUT STATUS

Cross Trip INHIBIT

INTERNAL OUTPUT STATUS

DISABLE REALINPUTS

SIMULATED ALL INPUTS

INTERNAL INPUT TABLE

INTERNAL OUTPUT TABLE

OUTPUT IMAGE TABLE

INPUTIMAGE TABLE

35

• I/O validation is performed first to verify that all beamline input and output devices operate correctly and are mapped properly to internal memory tables

• The VTS procedures perform testing for ONLY the following PLC logic• ESD – immediate and potential radiation hazard - logic

• Storage Ring Permit removing faults and trips• Shutter Permit removing faults and trips

• After a Validation is complete, the Validation System is disconnected from the PSS and the PSS returns to normal with no residual data (created by the Validation System) remaining in the data tables of the PLCs.

• It is of utmost importance to ensure the real inputs are mapped to the internal files/bits and no faults or trips are blocked after the Validation System is removed. This is accomplished by the following method: – A pulse, originating from the Validation System, must be present to activate any of these Validation System

functions in the PLCs.– Perform End-to-End Test (PSS input through ACIS output to dump beam).

Testing Methodology – The VTS

GEN1 Upgrade PSS

36

Validation Test System GEN1 Upgrade PSS

ACIS SRPERMIT

L E D S

A L L O TH E R I N P U TS

I/O TESTENABLE

ESDLOGIC

SIMULATED OUTPUTS(for I/O check)

KEYSW

FESsolenoids& manualdoor lockcommands

QUICKSEARCH

DISABLE REALOUTPUTS

ALL OTHER OUTPUTS

L E D

VALIDATION SYSTEM HMI

Some inputsdepends ontest type

INPUTMODULE

All others

OUTPUTMODULE

INTERNAL INPUT STATUS

INTERNAL OUTPUT STATUS

Cross Trip INHIBIT

L I M I T S W I TC H E S

P U S H B U TTO N S

All others

MEZZIE

DISABLE REALINPUTS

DOOR LOCKS

V+

SIMULATED INPUTS

PSS

FEIL

D I/

O OUTPUT IMAGE TABLE

INPUTIMAGE TABLE

INTERNAL INPUT TABLE

INTERNAL OUTPUT TABLE

SHUTTERSOLENOIDS

Trapped DoorLimit SW Disable

37

Validation System Main menu allows for configuration of beamline

GEN1 Upgrade PSS

38

Functional Validation screen manipulates FES switches to create trips and faults

GEN1 Upgrade PSS

39

Main Functional Validation screen contains mezzanine based signals and allows Validator to monitor SR Permit status

GEN1 Upgrade PSS

40

Processors: – Similar - AB ControlLogix L61

• Chain A – ESD• Chain B – ESD • Chain C – Command & Control

Programming Languages:– Ladder Logic

HMI: – Soft Panel displays and controls

I/O Interface:– Hardwired to Circuit Boards– Software mapping of all I/O– Diagnostic Modules on Front-End Shutter I/O

DIW Monitoring– Analog modules in the ESD PLCs

Acceptance Testing– Done in Lab (when changes are made or every 5 years) using a Wonderware-based software simulator

Validations– Annual, Noninvasive, 1/2 day

• Touch Panel HMI simulating the Front-End Shutters Communication

– Electronic isolation for signals between chains (status, permits, and heart beat)– One-way communication from ESD systems to Chain C using Produced and Consumed Tags over Ethernet– Ethernet between EPICS and Chain C using Produced and Consumed Tags

GEN3 Upgrade PSS

41

APS PSS ComparisonGen 1 Gen 2 Gen 3 Gen 1U Gen 3U

Hardware

AB - PLC5-30 AB - PLC5-30 3 - AB Contrologix L61‘ AB - PLC5-30 3 - AB Contrologix L61

GE - 90-70 GE - 90-70 GE - RX7i

Industrial Computer with Semiens I/O

Discrete panel interfaces GE - Soft panel displays AB - Soft Panel displays Discrete panel interfaces AB - Soft Panel displays

Love Controllers Love Controllers Love Controllers /Analog Modules Analog Modules Analog Modules

I/O Interface Hardwired - No Standard Hardwired - No Standard Circuit board - Standardized Hardwired - No Standard Circuit board - Standardized

Mapped in Logic to standardize Mapped in Logic

Communication to EPICS

AB - DH+ Profibus through Chain C Profibus through Chain C AB - DH+ Ethernet through Chain C

GE - Serial GE - Serial Produce & Consumed Tags

Software

Chain A - ESD and C&C combined Chain A - ESD only Chain A - ESD onlyChain A - ESD and C&C in separate

routines Chain A - ESD only

Ladder logic Ladder logic Ladder logic Ladder logic Ladder logic

Chain B - ESD only Chain B - ESD only Chain B - ESD only Chain B - ESD only Chain B - ESD only

State, Ladder and MegaBasic State, Ladder and MegaBasic Ladder logic Ladder logic & C++ Ladder logic

Chain C - C&C Chain C - C&C Chain C - C&C

Wonderware Ladder logic Ladder logic

Acceptance TestingNone None None Done in Lab utilizing Wonderware Done in Lab utilizing Wonderware

Testing All Logic (safety, C&C and

diagnostic)Testing All Logic (safety, C&C and

diagnostic)

System Validation

Invasive Invasive Non invasive Non invasive Non invasive

- DOS Based PCs - DOS Based PCs Touch Panel HMI Touch Panel HMI Touch Panel HMI

- Hardwired FES Simulator - Hardwired FES Simulator - Diode injection - simulating FES - simulating FES

- all other I/O is real - all other I/O is real- Contrologix processor with Seimens

I/O - all other I/O is real - all other I/O is real

- simulating all I/O All Logic is tested (safety, C&C and

diagnostic)All Logic is tested (safety, C&C and

diagnostic)All Logic is tested (safety, C&C and

diagnostic)Only ESD – prompt radiation hazard -

logic is testedOnly ESD – prompt radiation hazard -

logic is tested

The Evolution of the APS Beamline Personnel Safety System (PSS)

Documents

Transcript of The Evolution of the APS Beamline Personnel Safety System (PSS)